CLAIMS 



WHAT IS CLAIMED IS: 

1. A state decision subsystem (SDS) comprising: 

an inload module; 

a simple programmable entity (SPE); 
a first SPE memory; 
an unload module; 
a coherency module; 

wherein the inload module is adapted to read a first state information 
corresponding to a first TCP packet from a memory subsystem and to write a first context 
to the first SPE memory, wherein the first context includes the first state information and 
the first TCP packet; 

wherein the SPE is adapted to read the first context from the first SPE memory, to 
process the first context, and to write the processed first context to the first SPE memory, 
wherein the processed first context includes a processed first state information and a 
processed first TCP packet; 

wherein the unload memory is adapted to read the processed first context and to 
write the processed first state information to the memory subsystem; and 

wherein the coherency module is adapted to compare contents of the inload 
module and the unload module and, if the contents of each correspond to the same TCP 
connection, replacing the state-related content of the inload module with the state-related 
content of the unload module. 

2. The SDS of claim 1, further comprising: 

a second SPE memory; 

wherein the inload module is further adapted to read a second state information 
corresponding to a second TCP packet from the memory subsystem and to write a second 
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context to the second SPE memory, wherein the second context includes the second state 
information and the second TCP packet; 

wherein the SPE is further adapted to read the second context from the second 
SPE memory, to process the second context, and to write the processed second context to 
the second SPE memory, wherein the processed second context includes the processed 
second state information and the processed second TCP packet; 

wherein the unload memory is adapted to read the processed second context and 
to write the processed second state information to the memory subsystem; and 

whereby the first SPE memory and the second SPE memory form a ping-pong 

buffer. 

3. The SDS of claim 1, 

wherein the inload module further includes an inload queue for queuing contexts; 

wherein the unload module further includes an unload queue for queuing 
processed contexts; and 

wherein the contents of the inload module include the queued contexts and the 
contents of the unload module include the queued processed contexts. 

4. The SDS of claim 1, 

wherein the inload module is further adapted to classify the first TCP packet as a 
packet type; and 

wherein the first context further includes the packet type. 

5. The SDS of claim 4, wherein the packet type is encoded in the first context as a bit 
vector. 

6. The SDS of claim 1, 

wherein the first TCP packet includes a current packet sequence number and 
corresponds to a TCP connection; 
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wherein the first state information includes a next packet sequence number 
designating the sequence number of the next TCP packet to be processed; and 

wherein the inload module is further adapted to determine whether the current 
packet sequence number corresponds to the next packet sequence number and, if not, to 
5 store the first TCP packet for processing after processing earlier-sequenced packets 
corresponding to the TCP connection. 

7. The SDS of claim 1, wherein the first SPE memory and the SPE are implemented in 
the same physical device. 

10 

8. An intranet, wherein at least one SDS as in claim 1 processes packets corresponding to 
a plurality of TCP connections, each connection having both terminations within the 
intranet. 

15 9. An intranet, wherein at least one SDS as in claim 1 processes packets corresponding to 
a plurality of TCP connections, each connection having one termination outside of the 
intranet. 

10. An SDS as in claim 1 that processes packets corresponding to a plurality of TCP 
20 connections, each connection having both terminations within the Internet. 

1 1 . An SDS as in claim 1, 

wherein the inload module is further adapted to read a second state information 
corresponding to a second TCP packet from the memory subsystem, and to write a 
25 second context to the first SPE memory, wherein the second context includes the second 
state information and the second TCP packet; and wherein the SPE is further adapted to 
ignore the second state information in response to determining that the first and second 
TCP packets correspond to the same connection. 
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12. A network of selected computing devices, wherein at least one SDS as in claim 1 
processes packets corresponding to a plurality of TCP connections, each connection 
having both terminations within the network. 

13. A network of selected computing devices, wherein at least one SDS as in claim 1 
processes packets corresponding to a plurality of TCP connections, each connection 
having one termination outside of the network. 

14. A load balancer including at least one SDS as in claim 1. 

15. A firewall including at least one SDS as in claim 1. 

16. An intrusion detection system including at least one SDS as in claim 1. 

17. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 

wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 

wherein the egress SDS is adapted to read from the memory subsystem state 
information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 

wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 

wherein the ingress SDS comprises an SDS as in claim 1, and wherein the egress 
SDS comprises an SDS as in claim 1. 
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18. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

5 a timer SDS, adapted to perform timing-related tasks; 

wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 

wherein the egress SDS is adapted to read from the memory subsystem state 
10 information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 
wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 
15 wherein the ingress SDS comprises an SDS as in claim 2, and wherein the egress 

SDS comprises an SDS as in claim 2. 

19. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
20 an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 
wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 
25 wherein the egress SDS is adapted to read from the memory subsystem state 

information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 
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wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 

wherein the ingress SDS comprises an SDS as in claim 3, and wherein the egress 
SDS comprises an SDS as in claim 3. 

20. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 

wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 

wherein the egress SDS is adapted to read from the memory subsystem state 
information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 

wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 

wherein the ingress SDS comprises an SDS as in claim 4, and wherein the egress 
SDS comprises an SDS as in claim 4. 

21. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 

wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 



501 143.000034 Austin 185402vl0 



-18- 



wherein the egress SDS is adapted to read from the memory subsystem state 
information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 

wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 

wherein the ingress SDS comprises an SDS as in claim 5, and wherein the egress 
SDS comprises an SDS as in claim 5. 

22. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 

wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 

wherein the egress SDS is adapted to read from the memory subsystem state 
information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 

wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 

wherein the ingress SDS comprises an SDS as in claim 6, and wherein the egress 
SDS comprises an SDS as in claim 6. 

23. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 
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wherein the ingress SDS is adapted to read from a memory subsystem state 
information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 

wherein the egress SDS is adapted to read from the memory subsystem state 
5 information corresponding to outgoing TCP packets, to process the outgoing packets 
accordingly, and to write updated state information to the memory subsystem; and 

wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections; and 
10 wherein the ingress SDS comprises an SDS as in claim 7, and wherein the egress 

SDS comprises an SDS as in claim 7. 
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24. A TCP acceleration system comprising: 

an ingress state decision subsystem (SDS); 
an egress SDS; 

a timer SDS, adapted to perform timing-related tasks; 
5 wherein the ingress SDS is adapted to read from a memory subsystem state 

information corresponding to incoming TCP packets, to process the incoming packets 
accordingly, and to write updated state information to the memory subsystem; 

wherein the egress SDS is adapted to read from the memory subsystem state 
information corresponding to outgoing TCP packets, to process the outgoing packets 
10 accordingly, and to write updated state information to the memory subsystem; and 

wherein the timer SDS is adapted to read from the memory subsystem state 
information and to perform time-related processing of the state information and 
corresponding TCP connections. 

15 25. The TCP acceleration system of claim 24, wherein the ingress SDS is further adapted 
to open and close TCP connections. 

26. An intranet, wherein at least one TCP acceleration system as in claim 24 processes 
packets corresponding to a plurality of TCP connections, each connection having both 

20 terminations within the intranet. 

27. An intranet, wherein at least one TCP acceleration system as in claim 24 processes 
packets corresponding to a plurality of TCP connections, each connection having one 
termination outside of the intranet. 

25 

28. A TCP acceleration system as in claim 24, wherein the system processes packets 
corresponding to a plurality of TCP connections, each connection having both 
terminations within the Internet. 
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29. A network of selected computing devices having at least one TCP acceleration system 
as in claim 24 that processes packets corresponding to a plurality of TCP connections, 
each connection having both terminations within the intranet. 

5 30. A network of selected computing devices having at least one TCP acceleration system 
as in claim 24 that processes packets corresponding to a plurality of TCP connections, 
each connection having one termination outside of the network. 

31. A load balancer including at least one TCP acceleration system as in claim 24. 

10 

32. A firewall including at least one TCP acceleration system as in claim 24. 

33. An intrusion detection system including at least one TCP acceleration system as in 
claim 24. 

15 

34. The TCP acceleration system of claim 24, wherein the ingress SDS includes an SDS. 

35. The TCP acceleration system of claim 24, wherein the egress SDS includes an SDS. 
20 36. The TCP acceleration system of claim 24, wherein the timer SDS includes an SDS. 
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37. A first SDS, comprising: 

an inload module; 

an unload module; 

a second memory subsystem; 

a second SDS; 

wherein the inload module is adapted to read state information corresponding to a 
TCP packet from a first memory subsystem and to write a context to the second memory 
subsystem, wherein the context includes the state information and the TCP packet; 

wherein the second SDS is adapted to read the context from the second memory 
subsystem, process the context, and write the processed context to the second memory 
subsystem; and 

wherein the unload module is adapted to read the processed context from the 
second memory subsystem and to write the processed context to the first memory 
subsystem. 

38. The first SDS of claim 37, further comprising a coherency module adapted to 
compare contents of the inload module and the unload module and, if the contents of each 
correspond to the same TCP connection, replacing the state-related content of the inload 
module with the state-related content of the unload module. 

39. A state decision subsystem (SDS) for processing TCP connections with improved 
efficiency, the SDS comprising: 

an inload module; 

a simple programmable entity (SPE); 
an SPE memory; 
an unload module; 
a coherency module; 

wherein the inload module is adapted to read state information corresponding to a 
plurality of TCP packets from a memory subsystem and to write a plurality of contexts to 
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the SPE memory, wherein each of the plurality of contexts includes at least one of the 
plurality of TCP packets and corresponding state information; 

wherein the SPE is adapted to read the each of the plurality of contexts from the 
SPE memory, to process each of the plurality of contexts, and to write the each of the 
plurality of processed contexts to the SPE memory, wherein the each of the plurality of 
processed contexts includes a processed TCP packet and corresponding processed state 
information; 

wherein the unload memory is adapted to read each of the plurality of processed 
first contexts and to write the corresponding processed state information to the memory 
subsystem; and 

wherein the coherency module is adapted to replace a first portion of the state- 
related content of the inload module, the unload module, and the SPE memory with a 
second portion of the state-related content of the inload module, the unload module, and 
the SPE memory if: 

the first portion corresponds to the same TCP connection as the second 

portion; and 

the first portion is rendered outdated by the second portion. 



501143.000034 Austin 185402vl0 



-24- 



